CN112866300A - Block chain big data safety protection method and system based on artificial intelligence - Google Patents

Block chain big data safety protection method and system based on artificial intelligence Download PDF

Info

Publication number
CN112866300A
CN112866300A CN202110396649.XA CN202110396649A CN112866300A CN 112866300 A CN112866300 A CN 112866300A CN 202110396649 A CN202110396649 A CN 202110396649A CN 112866300 A CN112866300 A CN 112866300A
Authority
CN
China
Prior art keywords
data
information
network
target network
target
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
CN202110396649.XA
Other languages
Chinese (zh)
Inventor
赖祎华
高斌
陈宙
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Qingdao Yunuo Internet Co ltd
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual filed Critical Individual
Priority to CN202110396649.XA priority Critical patent/CN112866300A/en
Publication of CN112866300A publication Critical patent/CN112866300A/en
Withdrawn legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention provides a block chain big data safety protection method and system based on artificial intelligence, and relates to the technical field of data safety. In the invention, firstly, when a data access request of target network equipment for data to be protected is received, equipment verification processing is carried out on the target network equipment to obtain a corresponding equipment verification result. And secondly, if the device verification result is verification failure, detecting whether the target network device belongs to a network attack device, wherein the network attack device is used for illegally accessing data through network attack. Then, if the target network device belongs to the network attack device, redirecting the access object of the data access request from the data to be protected to other pre-generated data, wherein at least part of different data exists between the other data and the data to be protected. Based on the method, the safety degree of data protection can be improved.

Description

Block chain big data safety protection method and system based on artificial intelligence
Technical Field
The invention relates to the technical field of data security, in particular to a block chain big data security protection method and system based on artificial intelligence.
Background
The block chain is used as an integrated innovation of a plurality of technologies such as a point-to-point network, cryptography, a sharing mechanism, an intelligent contract and the like, and provides a trusted channel for information and value transfer and exchange in an untrusted network. The block chain technology is a popular concept in the world no matter in the aspect of constructing the internet with free value circulation or in the aspect of data sharing based on 'establishing a joint multi-center' of an enterprise, and has wide market prospect. The block chain data security is the basis of data application, wherein in the prior art, in order to ensure the security of data, the security protection is generally improved for important block chain data. However, the inventors have found that the conventional security technologies have a problem that the security level of data protection is low.
Disclosure of Invention
In view of this, the present invention provides a block chain big data security protection method and system based on artificial intelligence, so as to improve the security degree of data protection.
In order to achieve the above purpose, the embodiment of the invention adopts the following technical scheme:
a block chain big data safety protection method based on artificial intelligence comprises the following steps:
when a data access request of target network equipment for data to be protected is received, equipment verification processing is carried out on the target network equipment to obtain a corresponding equipment verification result;
if the device verification result is verification failure, detecting whether the target network device belongs to a network attack device, wherein the network attack device is used for illegally accessing data through network attack;
if the target network device belongs to a network attack device, redirecting the access object of the data access request from the data to be protected to other pre-generated data, wherein at least part of different data exists between the other data and the data to be protected.
In a possible embodiment, in the above artificial intelligence-based method for securing big data of a blockchain, if the device authentication result is an authentication failure, the step of detecting whether the target network device belongs to a network attack device includes:
if the device verification result is verification failure, acquiring a pre-formed and stored network attack device list from a target database, and acquiring device identity information of the target network device;
and judging whether the network attack device list comprises the device identity information of the target network device, and determining that the target network device belongs to the network attack device when the network attack device list comprises the device identity information of the target network device.
In a possible embodiment, in the above artificial intelligence-based block chain big data security protection method, if the device verification result is a verification failure, the step of detecting whether the target network device belongs to a network attack device further includes:
if the network attack device list does not include the device identity information of the target network device, determining that the target network device does not belong to the network attack device; or
If the network attack device list does not include the device identity information of the target network device, calculating the device association degree between each network attack device in the network attack device list and the target network device, and determining whether the target network device belongs to the network attack device or not based on the device association degree between each network attack device in the network attack device list and the target network device.
In a possible embodiment, in the artificial intelligence-based blockchain big data security protection method, the step of determining whether the target network device belongs to a network attack device based on a device association degree between each network attack device in the list of network attack devices and the target network device includes:
obtaining historical data access network behavior information of the target network equipment to obtain at least one piece of historical data access network behavior information, wherein each piece of historical data access network behavior information is formed based on each data access of the target network equipment in history;
analyzing the at least one piece of historical data access network behavior information to obtain first probability information of the target network equipment belonging to network attack equipment;
determining second probability information that the target network device belongs to the network attack device based on the device association degree between each network attack device and the target network device;
and performing weighting calculation based on the first probability information and the second probability information to obtain probability weighting information, and determining whether the target network equipment belongs to network attack equipment or not based on the probability weighting information and predetermined probability threshold information.
In a possible embodiment, in the artificial intelligence-based blockchain big data security protection method, the analyzing the at least one piece of historical data access network behavior information to obtain first probability information that the target network device belongs to a network attack device includes:
classifying the plurality of pieces of acquired historical data access network behavior information based on whether the access equipment corresponding to each piece of historical data access network behavior information belongs to the same network equipment or not, and acquiring a plurality of network behavior information sets;
taking the network behavior information set with the largest number of historical data access network behavior information in the plurality of network behavior information sets as a target network behavior information set, and acquiring access time period information corresponding to each piece of historical data access network behavior information in the target network behavior information set;
in the target network behavior information set, determining historical data access network behavior information with the maximum time correlation degree with a data access request of the target network equipment for the data to be protected to obtain first historical data access network behavior information, and determining target period information according to access period information corresponding to the first historical data access network behavior information;
determining historical data access network behavior information intersected with the target time interval information based on access time interval information corresponding to each piece of historical data access network behavior information to obtain second historical data access network behavior information, and obtaining new target time interval information according to access time interval information corresponding to each piece of second historical data access network behavior information;
determining historical data access network behavior information intersected with the new target time period information based on corresponding access time period information in each piece of historical data access network behavior information to obtain a plurality of pieces of third historical data access network behavior information;
and obtaining first probability information of the target network device belonging to the network attack device based on the quantity ratio of third history data access network behavior information with first network behavior mark information in the plurality of pieces of third history data access network behavior information, wherein the first network behavior mark information is used for representing that the access device corresponding to the corresponding third history data access network behavior information carries out access abnormity mark on the target network device after the target network device carries out data access.
In a possible embodiment, in the above artificial intelligence-based method for securing big data of a blockchain, if the device authentication result is an authentication failure, the step of detecting whether the target network device belongs to a network attack device includes:
if the device verification result is verification failure, obtaining historical data access network behavior information of the target network device to obtain at least one piece of historical data access network behavior information, wherein each piece of historical data access network behavior information is formed after data access is performed on each time in history on the basis of the target network device;
analyzing the at least one piece of historical data access network behavior information to obtain first probability information of the target network equipment belonging to network attack equipment;
determining whether the target network device belongs to a network attack device based on the first probability information and predetermined probability threshold information, wherein if the first probability information is greater than or equal to the probability threshold information, the target network device belongs to the network attack device, and if the first probability information is less than the probability threshold information, the target network device does not belong to the network attack device.
In a possible embodiment, in the artificial intelligence based block chain big data security protection method, the artificial intelligence based block chain big data security protection method further includes a step of generating the other data for the data to be protected, where the step includes:
carrying out data content identification processing on the data to be protected to obtain a corresponding content identification result;
segmenting the data to be protected based on the similarity between the content identification result and the data content to obtain at least one data segment, wherein the at least one data segment forms the data to be protected, and the data similarity between different data segments is smaller than a similarity threshold value;
respectively determining the importance degree of each data fragment in the at least one data fragment based on the content identification result to obtain the importance degree information of each data fragment;
classifying the at least one data segment based on the importance degree information and predetermined importance degree threshold information to obtain at least one first-class data segment, or obtain at least one first-class data segment and at least one second-class data segment, wherein the importance degree information of each first-class data segment is greater than or equal to the importance degree threshold information, and the importance degree information of each second-class data segment is less than the importance degree threshold information;
modifying each first-type data fragment respectively to obtain an updated data fragment corresponding to each first-type data fragment;
and constructing and forming the other data corresponding to the data to be protected based on each updating data segment and each second type data segment.
In a possible embodiment, in the artificial intelligence based blockchain big data security protection method, the artificial intelligence based blockchain big data security protection method further includes:
and if the equipment verification result is successful verification, sending the data to be protected to the target network equipment based on the data access request, wherein if the equipment identity information of the target network equipment belongs to a pre-established identity information set, the equipment verification result corresponding to the target network equipment is determined to be successful verification, and if the equipment identity information of the target network equipment does not belong to the pre-established identity information set, the equipment verification result corresponding to the target network equipment is determined to be failed verification.
In a possible embodiment, in the artificial intelligence based blockchain big data security protection method, the artificial intelligence based blockchain big data security protection method further includes:
if the target network device does not belong to the network attack device, rejecting the data access request of the target network device to the data to be protected, generating corresponding access failure notification information, and sending the access failure notification information to the target network device based on the data access request.
The invention also provides a block chain big data safety protection system based on artificial intelligence, which comprises:
the network equipment verification module is used for performing equipment verification processing on target network equipment when receiving a data access request of the target network equipment for data to be protected to obtain a corresponding equipment verification result;
the network equipment detection module is used for detecting whether the target network equipment belongs to network attack equipment or not when the equipment verification result is verification failure, wherein the network attack equipment is used for illegally acquiring data through network attack;
and the access object redirection module is used for redirecting the access object of the data access request from the data to be protected to other pre-generated data when the target network device belongs to a network attack device, wherein at least part of different data exists between the other data and the data to be protected.
According to the block chain big data safety protection method and system based on artificial intelligence, when a data access request of target network equipment for data to be protected is received, equipment verification processing is carried out firstly, whether the target network equipment belongs to network attack equipment or not is detected when verification fails, and therefore when the target network equipment belongs to the network attack equipment, an access object of the data access request is redirected to other pre-generated data from the data to be protected. Based on the method, the problem that the subsequent attack which is possibly identified by the network attack can be continuously caused by directly refusing the access request when the target network equipment is determined to belong to the network attack equipment can be avoided, and therefore the safety degree of data protection is improved.
In order to make the aforementioned and other objects, features and advantages of the present invention comprehensible, preferred embodiments accompanied with figures are described in detail below.
Drawings
Fig. 1 is an application block diagram of a block chain big data security protection device based on artificial intelligence according to an embodiment of the present invention.
Fig. 2 is a schematic flowchart of steps included in the artificial intelligence-based block chain big data security protection method according to an embodiment of the present invention.
Fig. 3 is a block diagram illustrating functional modules included in a block chain big data security protection system based on artificial intelligence according to an embodiment of the present invention.
Icon: 10-artificial intelligence based block chain big data safety protection equipment; 20-a target network device; 100-block chain big data safety protection system based on artificial intelligence; 110-a network device authentication module; 120-network device detection module; 130-access object redirection module.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. The components of embodiments of the present invention generally described and illustrated in the figures herein may be arranged and designed in a wide variety of different configurations.
Thus, the following detailed description of the embodiments of the present invention, presented in the figures, is not intended to limit the scope of the invention, as claimed, but is merely representative of selected embodiments of the invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
As shown in fig. 1, an embodiment of the present invention provides an artificial intelligence-based blockchain big data security protection device 10. The artificial intelligence based blockchain big data security protection device 10 may include a memory and a processor, among other things.
In detail, the memory and the processor are electrically connected directly or indirectly to realize data transmission or interaction. For example, they may be electrically connected to each other via one or more communication buses or signal lines. The memory can have stored therein at least one software function (computer program) which can be present in the form of software or firmware. The processor may be configured to execute the executable computer program stored in the memory, so as to implement the artificial intelligence based big data block chain security protection method provided by the embodiment of the present invention (as described later).
Alternatively, the Memory may be, but is not limited to, a Random Access Memory (RAM), a Read Only Memory (ROM), a Programmable Read-Only Memory (PROM), an Erasable Read-Only Memory (EPROM), an electrically Erasable Read-Only Memory (EEPROM), and the like. The Processor may be a general-purpose Processor, including a Central Processing Unit (CPU), a Network Processor (NP), a System on Chip (SoC), and the like; but may also be a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other programmable logic device, discrete gate or transistor logic device, discrete hardware components.
Moreover, the structure shown in fig. 1 is only illustrative, and the artificial intelligence based blockchain big data security device 10 may further include more or fewer components than those shown in fig. 1, or have a different configuration than that shown in fig. 1, for example, may include a communication unit for information interaction with other devices (e.g., electronic devices such as the target network device 20).
In an alternative example, the artificial intelligence based blockchain big data security protection device 10 may be a server with data processing capability.
With reference to fig. 2, an embodiment of the present invention further provides an artificial intelligence based block chain big data security protection method, which is applicable to the artificial intelligence based block chain big data security protection device 10. The method steps defined by the flow related to the artificial intelligence based block chain big data safety protection method can be implemented by the artificial intelligence based block chain big data safety protection device 10.
The specific process shown in FIG. 2 will be described in detail below.
Step S110, when receiving a data access request of the target network device 20 for data to be protected, performs device verification processing on the target network device 20 to obtain a corresponding device verification result.
In this embodiment, when receiving a data access request of a target network device 20 for data to be protected, the artificial intelligence-based block chain big data security protection device 10 may perform device verification processing on the target network device 20, so that a corresponding device verification result may be obtained.
If the device verification result is verification failure, step S120 may be executed.
Step S120, detecting whether the target network device 20 belongs to a network attack device.
In this embodiment, when a device authentication result that is a failure in authentication is obtained based on step S110, the artificial intelligence based blockchain big data security protection device 10 may detect whether the target network device 20 belongs to a network attack device, that is, determine whether the target network device 20 is under a network attack.
Wherein the network attack apparatus is used for illegally accessing data through network attack. And, if the target network device 20 belongs to a network attack device, step S130 may be executed.
Step S130, redirecting the access object of the data access request from the data to be protected to other pre-generated data.
In this embodiment, when it is detected based on step S120 that the target network device 20 belongs to a network attack device, the artificial intelligence-based blockchain big data security protection device 10 may redirect an access object of the data access request from the data to be protected to other pre-generated data.
Wherein there is at least partially different data between the other data and the data to be guarded.
Based on the method, when receiving a data access request of the target network device 20 for data to be protected, device verification processing is performed first, and whether the target network device 20 belongs to a network attack device is detected when verification fails, so that when the target network device 20 belongs to the network attack device, an access object of the data access request is redirected from the data to be protected to other pre-generated data. Based on this, the problem that the subsequent attack which may be identified by the network attack continues due to the direct denial of the access request when the target network device 20 is determined to belong to the network attack device can be avoided, so that the security degree of data protection is improved.
In the first aspect, it should be noted that, in step S110, a specific manner of performing the device authentication processing on the target network device 20 is not limited, and may be selected according to actual application requirements.
For example, in an alternative example, the device identity information of the target network device 20 may be obtained first, and then the device identity information is compared with a pre-established identity information set, where if the device identity information of the target network device 20 belongs to the identity information set, the device authentication result corresponding to the target network device 20 is determined to be successful in authentication, and if the device identity information of the target network device 20 does not belong to the pre-established identity information set, the device authentication result corresponding to the target network device 20 is determined to be failed in authentication.
It can be understood that the device corresponding to each device identity information in the identity information set belongs to a device which has a right to access the data to be protected. The device identity information may refer to unique identification information such as device fingerprint or network address information of the device.
That is to say, in this embodiment, it may be detected whether the target network device 20 has an authority to access the data to be protected first, and when there is no authority to access the data to be protected, it may be detected whether the target network device 20 belongs to a network attack device.
In the second aspect, it should be noted that, in step S120, a specific manner for detecting whether the target network device 20 belongs to a network attack device is not limited, and may be selected according to actual requirements.
For example, in an alternative example, if the target network device 20 has more history data, in order to detect whether the result of the network attack device has higher accuracy, the target network device 20 may be detected based on the following steps:
first, if the device verification result is that the verification fails, historical data access network behavior information of the target network device 20 may be obtained to obtain at least one piece of historical data access network behavior information, where each piece of historical data access network behavior information is formed based on each data access performed by the target network device 20 in history;
secondly, analyzing the at least one piece of historical data access network behavior information to obtain first probability information that the target network device 20 belongs to a network attack device;
then, it is determined whether the target network device 20 belongs to a network attack device based on the first probability information and predetermined probability threshold information, wherein if the first probability information is greater than or equal to the probability threshold information, the target network device 20 belongs to the network attack device, and if the first probability information is less than the probability threshold information, the target network device 20 does not belong to the network attack device (wherein the probability threshold information may be generated based on a configuration operation performed by a user according to an actual application scenario, and when an effect of protecting data is high, the probability threshold information may be small, and when an effect of accessing data is high, the probability threshold information may be large).
Based on this, it can be determined whether the target network device 20 belongs to a network attack device according to the data access network behavior performed by the target network device 20 in history, and when the data volume is large, the detection result can have high accuracy.
For another example, in another alternative example, in order to improve the efficiency of detection, the target network device 20 may be detected based on the following steps:
first, if the device verification result is a verification failure, a pre-formed and stored network attack device list may be obtained from a target database, and device identity information of the target network device 20 may be obtained (that is, the artificial intelligence-based blockchain big data security protection device 10 may perform detection and judgment by itself, and obtain identity information of various network attack devices from other devices, and then form the network attack device list based on the identity information, and store the network attack device list in the target database, where the target database may be a local database of the artificial intelligence-based blockchain big data security protection device 10, or a remote database of the artificial intelligence-based blockchain big data security protection device 10);
secondly, it is determined whether the network attack device list includes the device identity information of the target network device 20, and when the network attack device list includes the device identity information of the target network device 20, it is determined that the target network device 20 belongs to the network attack device.
Based on this, by directly comparing the device identity information of the target network device 20 with the network attack device list, the detection efficiency can be sufficiently improved, and the calculation amount is small.
Optionally, on the basis of the above example, if the network attack device list does not include the device identity information of the target network device 20, a specific processing manner is not limited.
For example, in an alternative example, in order to improve processing efficiency, if the device identity information of the target network device 20 is not included in the network attack device list, it may be determined that the target network device 20 does not belong to a network attack device.
For another example, in another alternative example, in order to further improve the security of detection, if the device identity information of the target network device 20 is not included in the network attack device list, a device association degree between each network attack device in the network attack device list and the target network device 20 may be first calculated, and then, based on the device association degree between each network attack device in the network attack device list and the target network device 20, whether the target network device 20 belongs to a network attack device may be determined.
It is to be understood that, in the above example, the specific manner of calculating the device association degree between the network attack device and the target network device 20 is not limited.
For example, in an alternative example, the data interaction amount between the network attack device and the target network device 20 may be obtained, and then the corresponding device association degree is determined based on the data interaction amount. The larger the data interaction amount is, the larger the corresponding device association degree can be; conversely, the smaller the data interaction amount is, the smaller the corresponding device association degree can be.
It is to be understood that, in the above example, the specific manner of determining whether the target network device 20 belongs to the network attack device based on the device association degree is not limited.
For example, in an alternative example, the device association degree between each network attack device and the target network device 20 may be compared with an association degree threshold generated according to the configuration operation of the user, then, the number or the proportion of network attack devices whose device association degree is greater than the association degree threshold is determined, and then, whether the target network device 20 belongs to the network attack device is determined based on the number or the proportion, for example, if the number is greater than a preset number or the proportion is greater than a preset proportion, the target network device 20 is determined to belong to the network attack device.
For another example, in another alternative example, in order to improve the accuracy of determining whether the target network device 20 belongs to a network attack device, the following steps may be performed:
firstly, obtaining historical data access network behavior information of the target network device 20 to obtain at least one piece of historical data access network behavior information, wherein each piece of historical data access network behavior information is formed after data access is performed historically on the basis of the target network device 20;
secondly, analyzing the at least one piece of historical data access network behavior information to obtain first probability information that the target network device 20 belongs to a network attack device;
then, second probability information that the target network device 20 belongs to a network attack device is determined based on the device association degree between each network attack device and the target network device 20 (for example, in an alternative example, the device association degree between each network attack device and the target network device 20 may be first compared with an association degree threshold generated according to configuration operation of a user, and then, a proportion of network attack devices whose device association degree is greater than the association degree threshold is determined, and then, the proportion is used as the second probability information);
finally, probability weighting information is obtained by performing a weighting calculation based on the first probability information and the second probability information (wherein, when the amount of the historical data access network behavior information is large, the weight coefficient of the first probability information may be larger than the weight coefficient of the second probability information, when the amount of the network attack device is large, the weight coefficient of the first probability information may be larger than the weight coefficient of the second probability information), and whether the target network device 20 belongs to the network attack device is determined based on the probability weighting information and predetermined probability threshold information (wherein, the probability threshold information may be generated based on a configuration operation performed by a user according to an actual application scenario, when the data protection effect is high, the probability threshold information may be smaller, and, when the effectiveness of the data access is high, the probability threshold information may be larger), if the probability weighting information is greater than or equal to the probability threshold information, it may be determined that the target network device 20 belongs to a network attack device; otherwise, if the probability weighting information is smaller than the probability threshold information, it may be determined that the target network device 20 does not belong to a network attack device).
Based on the above steps, since the device association degree with the determined network attack device and the historical network behavior of the target network device 20 are considered together when comparing with the probability threshold information, the determination result can have higher reliability.
It is to be understood that, in the above example, the specific manner of obtaining the first probability information that the target network device 20 belongs to the network attack device based on the parsing process is not limited.
For example, in an alternative example, in order to fully consider the correlation between behaviors to improve the reliability of the obtained first probability information and further improve the detection accuracy, the first probability information that the target network device 20 belongs to the network attack device may be determined based on the following steps:
a first step of classifying the obtained pieces of historical data access network behavior information based on whether an access device corresponding to each piece of historical data access network behavior information (i.e., a network device historically accessed by the target network device 20) belongs to the same network device, so as to obtain a plurality of network behavior information sets (for example, access devices corresponding to historical data access network behavior information in different network behavior information sets are different);
secondly, taking the network behavior information set with the largest amount of historical data access network behavior information included in the plurality of network behavior information sets as a target network behavior information set (that is, the amount of the historical data access network behavior information included in each network behavior information set can be counted first, and then taking the network behavior information set with the largest amount as the target network behavior information set);
thirdly, obtaining access period information corresponding to each piece of historical data access network behavior information in the target network behavior information set (for example, the access period information may include time of receiving an access request and time of feeding back accessed data);
fourthly, in the target network behavior information set, determining historical data access network behavior information having a maximum time association degree with the data access request of the target network device 20 for the data to be protected to obtain first historical data access network behavior information (wherein, the time association degree may refer to an association degree between the time information of the data access request and the time information of the access request corresponding to the historical data access network behavior information, for example, calculating a difference value between two pieces of time information to obtain a first difference value, then calculating a difference value of time periods to which the two pieces of time information belong respectively to obtain a second difference value, then normalizing the first difference value and the second difference value respectively and then performing weighted calculation to obtain a weighted value, and then using the weighted value as the association degree, wherein, the time characteristics of network attack by a network attack device can be based on, dividing a day into a plurality of periods, for example, the period length corresponding to a time which is more frequent for network attacks may be smaller);
fifthly, determining target period information (for example, the target period information may be a time period between access period information of the first historical data access network behavior information) according to access period information corresponding to the first historical data access network behavior information;
sixthly, determining historical data access network behavior information intersected with the target time interval information based on access time interval information corresponding to each piece of historical data access network behavior information to obtain second historical data access network behavior information;
seventhly, obtaining new target time interval information according to the access time interval information corresponding to each piece of second historical data access network behavior information;
eighthly, determining historical data access network behavior information intersected with the new target period information based on corresponding access period information in each piece of historical data access network behavior information to obtain a plurality of pieces of third historical data access network behavior information (so that the fact that one piece of first historical data access network behavior information is expanded into a plurality of pieces of third historical data access network behavior information can be achieved, and accuracy of subsequent calculation is improved);
ninth, obtaining first probability information that the target network device 20 belongs to a network attack device based on a quantity ratio of third history data access network behavior information having first network behavior mark information in the plurality of pieces of third history data access network behavior information (wherein the quantity ratio may have a positive correlation with the first probability information, for example, the quantity ratio may be directly used as the first probability information), wherein the first network behavior mark information is used to represent that an access device corresponding to the corresponding third history data access network behavior information performs access abnormality marking on the target network device 20 after the target network device 20 performs data access (that is, historically, if the target network device 20 performs access abnormality marking on other network devices after the other network devices perform access, the first network behavior flag information may be carried when generating the corresponding third history data access network behavior information).
For another example, in an alternative example, in order to improve the reliability of the obtained first probability information to further improve the detection accuracy, the first probability information that the target network device 20 belongs to the network attack device may be determined based on the following steps:
the method comprises the steps that firstly, a plurality of pieces of historical data access network behavior information are sequenced based on the generation time of access requests corresponding to each piece of historical data access network behavior information, and a network behavior information ordered set is obtained (namely, the historical data access network behavior information of the network behavior information ordered set has a precedence relationship);
a second step of determining a data access frequency of the target network device for performing historical data access based on the number of the plurality of pieces of historical data access network behavior information and a time length of a generation time of an access request corresponding to the plurality of pieces of historical data access network behavior information (for example, a difference value between an earliest generation time and a latest generation time of a corresponding access request may be taken as the time length);
thirdly, determining first historical data access network behavior information in the network behavior information ordered set, and determining the position of the first historical data access network behavior information in the network behavior information ordered set to obtain a first position, wherein the access device corresponding to the first historical data access network behavior information is one of all access devices which has the largest device association degree with the artificial intelligence-based blockchain big data security protection device 10 (wherein if the device association degrees between all the access devices and the artificial intelligence-based blockchain big data security protection device 10 are the same, the historical data access network behavior information corresponding to any one access device is used as the first historical data access network behavior information);
a fourth step of, if an offset position obtained after offsetting the first position based on the inverse of the data access frequency belongs to the outside of the ordered set of network behavior information, taking a piece of historical data access network behavior information with the latest generation time of the access request corresponding to the ordered set of network behavior information as second historical data access network behavior information (it is understood that, in an alternative example, the generation time of the access request corresponding to the historical data access network behavior information located earlier in the ordered set of network behavior information is earlier, and the generation time of the access request corresponding to the historical data access network behavior information located later is later, and the direction of offsetting may be offset along the later position);
fifthly, if the offset position obtained after offsetting the first position based on the inverse of the data access frequency belongs to the network behavior information ordered set, taking the historical data access network behavior information corresponding to the offset position as second historical data access network behavior information (wherein if the inverse of the data access frequency is not an integer, historical data access network behavior information corresponding to an access device with a greater device association degree between two adjacent pieces of historical data access network behavior information before and after the offset position and the artificial intelligence-based large block chain data security protection device 10 can be taken as the second historical data access network behavior information);
sixthly, in the network behavior information ordered set, taking the first historical data access network behavior information as a starting point and the second historical data access network behavior information as an end point, obtaining each piece of historical data access network behavior information between the starting point and the end point (which can comprise the starting point and the end point), obtaining a plurality of pieces of historical data access network behavior information, and taking the plurality of pieces of historical data access network behavior information as a plurality of pieces of target historical data access network behavior information;
a seventh step of obtaining first probability information that the target network device 20 belongs to a network attack device based on a quantity ratio of target historical data access network behavior information having first network behavior marking information in the plurality of pieces of target historical data access network behavior information (wherein the quantity ratio and the first probability information may have a positive correlation, for example, the quantity ratio may be directly used as the first probability information), wherein the first network behavior marking information is used for representing that an access device corresponding to the corresponding target historical data access network behavior information marks an access abnormality for the target network device 20 after the target network device 20 performs data access (that is, if the target network device 20 performs access for other network devices in history, if the other network device performs an abnormal marking for access of the target network device 20, the first network behavior flag information may be carried when generating corresponding target historical data access network behavior information).
In the third aspect, it should be noted that, for the step S130, a specific manner of redirecting the data access request to the other data is not limited, for example, some existing redirection technologies may be adopted, or the redirection may be implemented based on some existing hijacking technologies, and is not limited in this respect.
On the basis of the above example, if the device verification result obtained in step S110 is successful, the corresponding processing manner is not limited.
For example, in an alternative example, if the device authentication result is successful, the data to be guarded may be sent to the target network device 20 based on the data access request. If the device identity information of the target network device 20 belongs to the pre-established identity information set, it is determined that the device authentication result corresponding to the target network device 20 is successful, and if the device identity information of the target network device 20 does not belong to the pre-established identity information set, it is determined that the device authentication result corresponding to the target network device 20 is failed.
Based on this, normal data access requests can be timely completed.
On the basis of the above example, if it is detected based on step S120 that the target network device 20 does not belong to the network attack device, the corresponding processing manner is not limited.
For example, in an alternative example, if the target network device 20 does not belong to a network attack device, the data access request of the target network device 20 to the data to be guarded is rejected, then, corresponding access failure notification information is generated, and the access failure notification information is sent to the target network device 20 based on the data access request.
Based on this, the target network device 20 can be notified in time, for example, if the data to be protected needs to be accessed, some operations may be performed first to obtain access rights, and the like.
On the basis of the above example, since the other data needs to be used in step S130, the other data also needs to be generated first, wherein the specific manner of generating the other data is not limited and can be selected according to the actual application requirements.
For example, in an alternative example, any data that is related to the data to be protected and has been disclosed or does not need to be kept secret may be acquired as the other data.
For another example, in another alternative example, in order to improve the disguising effect of the other data, namely, to prevent the network attack device from recognizing that the other data is not the data to be protected, the other data may be generated based on the following steps:
firstly, performing data content identification processing on the data to be protected to obtain a corresponding content identification result (for example, each part of the data to be protected can be identified to obtain the content represented by each part, such as a representation identity, a representation working experience, a representation education experience, and the like);
secondly, segmenting the data to be protected based on the content identification result and the similarity between the data contents to obtain at least one data segment, wherein the at least one data segment constitutes the data to be protected, and the data similarity between different data segments is smaller than a similarity threshold (for example, the data representing different contents can be segmented into different data segments, for example, the content representing identity is used as one data segment, and the content representing work experience is used as another data segment);
thirdly, respectively determining the importance degree of each data segment in the at least one data segment based on the content identification result to obtain the importance degree information of each data segment (wherein, the manner of determining the importance degree is not limited, for example, in an alternative example, considering different requirements of different users, thus, the importance degree of the data segment representing the identity can be determined based on the configuration operation of the user, and if the user a considers the identity information to be the most important and the work experience information to be the second time, the importance degree of the data segment representing the identity can be determined to be higher than the importance degree of the data segment representing the work experience);
fourthly, based on the importance degree information and predetermined importance degree threshold information, classifying the at least one data segment to obtain at least one first class data segment, or obtaining at least one first class data segment and at least one second class data segment, wherein the importance degree information of each first class data segment is greater than or equal to the importance degree threshold information, and the importance degree information of each second class data segment is less than the importance degree threshold information (for example, each data segment whose importance degree is greater than the importance degree threshold may be determined as a first class data segment, each data segment whose importance degree is less than or equal to the importance degree threshold may be determined as a second class data segment, wherein, if there is no data segment whose importance degree is greater than the importance degree threshold, any number of data fragments may be determined as the first type of data fragments; and, the importance threshold may be generated based on configuration operations performed by a user according to an actual application scenario);
fifthly, modifying each first-type data fragment to obtain an updated data fragment corresponding to each first-type data fragment (that is, each first-type data fragment can be adjusted, for example, data in the first-type data fragment is replaced by some published data);
and sixthly, constructing the other data corresponding to the data to be protected based on each update data segment and each second-type data segment (for example, the other data may be formed by combining corresponding positions in the data to be protected, or the other data may be formed by combining the data in any order).
With reference to fig. 3, an embodiment of the present invention further provides an artificial intelligence based block chain big data security protection system 100, which is applicable to the artificial intelligence based block chain big data security protection cloud device 10. The artificial intelligence based blockchain big data security protection system 100 may include a network device authentication module 110, a network device detection module 120, and an access object redirection module 130, where the network device authentication module 110, the network device detection module 120, and the access object redirection module 130 may be software function modules stored in a memory of the artificial intelligence based blockchain big data security protection cloud device 10.
The network device verification module 110 is configured to perform device verification processing on the target network device 20 when receiving a data access request of the target network device 20 for data to be protected, so as to obtain a corresponding device verification result. In this embodiment, the specific function of the network device verification module 110 may refer to the explanation of step S110, which is not described in detail herein.
The network device detecting module 120 is configured to detect whether the target network device 20 belongs to a network attack device when the device verification result is a verification failure, where the network attack device is configured to illegally obtain data through a network attack. In this embodiment, the specific function of the network device detecting module 120 may refer to the explanation of step S120, which is not described in detail herein.
The access object redirection module 130 is configured to redirect, when the target network device 20 belongs to a network attack device, an access object of the data access request from the data to be protected to other pre-generated data, where at least part of different data exists between the other data and the data to be protected. In this embodiment, the specific function of the access object redirection module 130 may refer to the explanation of step S130, and is not described in detail herein.
In summary, according to the method and system for securing big data of a blockchain based on artificial intelligence provided by the present invention, when a data access request of a target network device 20 for data to be secured is received, device authentication processing is performed first, and when authentication fails, whether the target network device 20 belongs to a network attack device is detected, so that when the target network device 20 belongs to the network attack device, an access object of the data access request is redirected from the data to be secured to other pre-generated data. Based on this, the problem that the subsequent attack which may be identified by the network attack continues due to the direct denial of the access request when the target network device 20 is determined to belong to the network attack device can be avoided, so that the security degree of data protection is improved.
In the embodiments provided in the present invention, it should be understood that the disclosed apparatus and method can be implemented in other ways. The apparatus and method embodiments described above are illustrative only, as the flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of apparatus, methods and computer program products according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
In addition, the functional modules in the embodiments of the present invention may be integrated together to form an independent part, or each module may exist separately, or two or more modules may be integrated to form an independent part.
The above description is only a preferred embodiment of the present invention and is not intended to limit the present invention, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (10)

1. A block chain big data safety protection method based on artificial intelligence is characterized by comprising the following steps:
when a data access request of target network equipment for data to be protected is received, equipment verification processing is carried out on the target network equipment to obtain a corresponding equipment verification result;
if the device verification result is verification failure, detecting whether the target network device belongs to a network attack device, wherein the network attack device is used for illegally accessing data through network attack;
if the target network device belongs to a network attack device, redirecting the access object of the data access request from the data to be protected to other pre-generated data, wherein at least part of different data exists between the other data and the data to be protected.
2. The artificial intelligence-based block chain big data security protection method according to claim 1, wherein the step of detecting whether the target network device belongs to a network attack device if the device verification result is a verification failure comprises:
if the device verification result is verification failure, acquiring a pre-formed and stored network attack device list from a target database, and acquiring device identity information of the target network device;
and judging whether the network attack device list comprises the device identity information of the target network device, and determining that the target network device belongs to the network attack device when the network attack device list comprises the device identity information of the target network device.
3. The artificial intelligence-based block chain big data security protection method according to claim 2, wherein the step of detecting whether the target network device belongs to a network attack device if the device authentication result is authentication failure further comprises:
if the network attack device list does not include the device identity information of the target network device, determining that the target network device does not belong to the network attack device; or
If the network attack device list does not include the device identity information of the target network device, calculating the device association degree between each network attack device in the network attack device list and the target network device, and determining whether the target network device belongs to the network attack device or not based on the device association degree between each network attack device in the network attack device list and the target network device.
4. The artificial intelligence based block chain big data security protection method according to claim 3, wherein the step of determining whether the target network device belongs to a network attack device based on the device association degree between each network attack device in the network attack device list and the target network device includes:
obtaining historical data access network behavior information of the target network equipment to obtain at least one piece of historical data access network behavior information, wherein each piece of historical data access network behavior information is formed based on each data access of the target network equipment in history;
analyzing the at least one piece of historical data access network behavior information to obtain first probability information of the target network equipment belonging to network attack equipment;
determining second probability information that the target network device belongs to the network attack device based on the device association degree between each network attack device and the target network device;
and performing weighting calculation based on the first probability information and the second probability information to obtain probability weighting information, and determining whether the target network equipment belongs to network attack equipment or not based on the probability weighting information and predetermined probability threshold information.
5. The artificial intelligence based blockchain big data security protection method according to claim 4, wherein the step of analyzing the at least one piece of historical data access network behavior information to obtain the first probability information that the target network device belongs to a network attack device includes:
classifying the plurality of pieces of acquired historical data access network behavior information based on whether the access equipment corresponding to each piece of historical data access network behavior information belongs to the same network equipment or not, and acquiring a plurality of network behavior information sets;
taking the network behavior information set with the largest number of historical data access network behavior information in the plurality of network behavior information sets as a target network behavior information set, and acquiring access time period information corresponding to each piece of historical data access network behavior information in the target network behavior information set;
in the target network behavior information set, determining historical data access network behavior information with the maximum time correlation degree with a data access request of the target network equipment for the data to be protected to obtain first historical data access network behavior information, and determining target period information according to access period information corresponding to the first historical data access network behavior information;
determining historical data access network behavior information intersected with the target time interval information based on access time interval information corresponding to each piece of historical data access network behavior information to obtain second historical data access network behavior information, and obtaining new target time interval information according to access time interval information corresponding to each piece of second historical data access network behavior information;
determining historical data access network behavior information intersected with the new target time period information based on corresponding access time period information in each piece of historical data access network behavior information to obtain a plurality of pieces of third historical data access network behavior information;
and obtaining first probability information of the target network device belonging to the network attack device based on the quantity ratio of third history data access network behavior information with first network behavior mark information in the plurality of pieces of third history data access network behavior information, wherein the first network behavior mark information is used for representing that the access device corresponding to the corresponding third history data access network behavior information carries out access abnormity mark on the target network device after the target network device carries out data access.
6. The artificial intelligence-based block chain big data security protection method according to claim 1, wherein the step of detecting whether the target network device belongs to a network attack device if the device verification result is a verification failure comprises:
if the device verification result is verification failure, obtaining historical data access network behavior information of the target network device to obtain at least one piece of historical data access network behavior information, wherein each piece of historical data access network behavior information is formed after data access is performed on each time in history on the basis of the target network device;
analyzing the at least one piece of historical data access network behavior information to obtain first probability information of the target network equipment belonging to network attack equipment;
determining whether the target network device belongs to a network attack device based on the first probability information and predetermined probability threshold information, wherein if the first probability information is greater than or equal to the probability threshold information, the target network device belongs to the network attack device, and if the first probability information is less than the probability threshold information, the target network device does not belong to the network attack device.
7. The artificial intelligence based block chain big data security protection method according to any one of claims 1 to 6, wherein the artificial intelligence based block chain big data security protection method further comprises a step of generating the other data for the data to be protected, and the step comprises:
carrying out data content identification processing on the data to be protected to obtain a corresponding content identification result;
segmenting the data to be protected based on the similarity between the content identification result and the data content to obtain at least one data segment, wherein the at least one data segment forms the data to be protected, and the data similarity between different data segments is smaller than a similarity threshold value;
respectively determining the importance degree of each data fragment in the at least one data fragment based on the content identification result to obtain the importance degree information of each data fragment;
classifying the at least one data segment based on the importance degree information and predetermined importance degree threshold information to obtain at least one first-class data segment, or obtain at least one first-class data segment and at least one second-class data segment, wherein the importance degree information of each first-class data segment is greater than or equal to the importance degree threshold information, and the importance degree information of each second-class data segment is less than the importance degree threshold information;
modifying each first-type data fragment respectively to obtain an updated data fragment corresponding to each first-type data fragment;
and constructing and forming the other data corresponding to the data to be protected based on each updating data segment and each second type data segment.
8. The artificial intelligence based block chain big data security protection method according to any one of claims 1 to 6, wherein the artificial intelligence based block chain big data security protection method further comprises:
and if the equipment verification result is successful verification, sending the data to be protected to the target network equipment based on the data access request, wherein if the equipment identity information of the target network equipment belongs to a pre-established identity information set, the equipment verification result corresponding to the target network equipment is determined to be successful verification, and if the equipment identity information of the target network equipment does not belong to the pre-established identity information set, the equipment verification result corresponding to the target network equipment is determined to be failed verification.
9. The artificial intelligence based block chain big data security protection method according to any one of claims 1 to 6, wherein the artificial intelligence based block chain big data security protection method further comprises:
if the target network device does not belong to the network attack device, rejecting the data access request of the target network device to the data to be protected, generating corresponding access failure notification information, and sending the access failure notification information to the target network device based on the data access request.
10. The utility model provides a block chain big data safety protection system based on artificial intelligence which characterized in that includes:
the network equipment verification module is used for performing equipment verification processing on target network equipment when receiving a data access request of the target network equipment for data to be protected to obtain a corresponding equipment verification result;
the network equipment detection module is used for detecting whether the target network equipment belongs to network attack equipment or not when the equipment verification result is verification failure, wherein the network attack equipment is used for illegally acquiring data through network attack;
and the access object redirection module is used for redirecting the access object of the data access request from the data to be protected to other pre-generated data when the target network device belongs to a network attack device, wherein at least part of different data exists between the other data and the data to be protected.
CN202110396649.XA 2021-04-13 2021-04-13 Block chain big data safety protection method and system based on artificial intelligence Withdrawn CN112866300A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110396649.XA CN112866300A (en) 2021-04-13 2021-04-13 Block chain big data safety protection method and system based on artificial intelligence

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110396649.XA CN112866300A (en) 2021-04-13 2021-04-13 Block chain big data safety protection method and system based on artificial intelligence

Publications (1)

Publication Number Publication Date
CN112866300A true CN112866300A (en) 2021-05-28

Family

ID=75992542

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110396649.XA Withdrawn CN112866300A (en) 2021-04-13 2021-04-13 Block chain big data safety protection method and system based on artificial intelligence

Country Status (1)

Country Link
CN (1) CN112866300A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115242497A (en) * 2022-07-21 2022-10-25 贵州风雷科技有限公司 Block chain-based data tamper-proof method and system
CN116094848A (en) * 2023-04-11 2023-05-09 中国工商银行股份有限公司 Access control method, device, computer equipment and storage medium

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115242497A (en) * 2022-07-21 2022-10-25 贵州风雷科技有限公司 Block chain-based data tamper-proof method and system
CN115242497B (en) * 2022-07-21 2023-06-09 深圳力维信息技术有限公司 Block chain-based data tamper-proof method and system
CN116094848A (en) * 2023-04-11 2023-05-09 中国工商银行股份有限公司 Access control method, device, computer equipment and storage medium
CN116094848B (en) * 2023-04-11 2023-06-27 中国工商银行股份有限公司 Access control method, device, computer equipment and storage medium

Similar Documents

Publication Publication Date Title
CN107666490B (en) A kind of suspicious domain name detection method and device
US11601400B2 (en) Aggregating alerts of malicious events for computer security
US10574681B2 (en) Detection of known and unknown malicious domains
RU2607229C2 (en) Systems and methods of dynamic indicators aggregation to detect network fraud
US8549645B2 (en) System and method for detection of denial of service attacks
US8205255B2 (en) Anti-content spoofing (ACS)
US9118704B2 (en) Homoglyph monitoring
CN112866300A (en) Block chain big data safety protection method and system based on artificial intelligence
CN109600362B (en) Zombie host recognition method, device and medium based on recognition model
US10965553B2 (en) Scalable unsupervised host clustering based on network metadata
CN112016078B (en) Sealing detection method and device for login equipment, server and storage medium
US10193904B2 (en) Data-driven semi-global alignment technique for masquerade detection in stand-alone and cloud computing systems
CN111835737B (en) WEB attack protection method based on automatic learning and related equipment thereof
Nikolskaya et al. Development of a mathematical model of the control beginning of DDoS-attacks and malicious traffic
Zaimi et al. Survey paper: Taxonomy of website anti-phishing solutions
CN107231383B (en) CC attack detection method and device
CN115211075A (en) Network attack identification in a network environment
CN112804374B (en) Threat IP identification method, threat IP identification device, threat IP identification equipment and threat IP identification medium
CN117376010A (en) Network security method and system based on intelligent network
EP4272377B1 (en) Network adaptive alert prioritization system
CN115242497A (en) Block chain-based data tamper-proof method and system
CN114124453B (en) Processing method and device of network security information, electronic equipment and storage medium
CN111949363A (en) Service access management method, computer equipment, storage medium and system
US11425162B2 (en) Detection of malicious C2 channels abusing social media sites
CN112104625A (en) Process access control method and device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right
TA01 Transfer of patent application right

Effective date of registration: 20220126

Address after: 266071 room 519, building 3, No. 288, Ningxia road, Shinan District, Qingdao, Shandong Province

Applicant after: Qingdao Yunuo Internet Co.,Ltd.

Address before: Room 205, building B, Nanning science and technology business incubation base, No.25, east section of Gaoxin Avenue, Nanning, Guangxi 530000

Applicant before: Lai Daihua

WW01 Invention patent application withdrawn after publication
WW01 Invention patent application withdrawn after publication

Application publication date: 20210528